Host Checking with Machine Certificate verification (using OpenSSL for certification)

Configure Host Checker to verify Machine Certificate.

Note: The commands in the procedure below are executed on a Windows machine using the

. If you are running OpenSSL on a Unix machine, remove –

from the command.

Create a Certificate Authority using OpenSSL (3 steps)

1. Create CA Private Key.

2. Create CA Certificate from the Private Key.

Enter all the details for the Distinguished Name of the certificate, such as country, organization name, common name, and so on, when prompted.

3. Combine ca.crt and ca.key into One File.

Enter an export password for the p12 file when prompted (the password can be left blank).

Create a Client Certificate using OpenSSL (4 steps)

1. Create a Client Private Key.

2. Create a Client Certificate Signing Request using Client Key.

Enter all the details for the Distinguished Name of the certificate, such as country, organization name, common name, and so on, when prompted.

3. Sign the Request with CA to Create the Client Certificate.

4. Combine Client Certificate and Key File into One File.

Note:

  • Sign each certificate with CA.
  • All the certificate and key files are stored under …, unless a path is specified while creating the particular file or is specified in the configuration file.
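
The seven steps above can be run as one non-interactive script. This is an added example, not the original author's commands: the subject names, the client.* file names, the 2048-bit keys, the 365-day validity and the P12_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example: the CA (3 steps) and client certificate (4 steps) procedure.
# Assumed, not from the page: subject names, client.* file names, 2048-bit
# keys, 365-day validity, and the P12_PASS variable.
build_machine_pki() (
    umask 077                          # keys and .p12 files: owner-only
    mkdir -p "$1" && cd "$1" || exit 1
    export P12_PASS="${P12_PASS:-}"    # export password; may be blank

    # CA 1/3: CA private key
    openssl genrsa -out ca.key 2048 &&
    # CA 2/3: self-signed CA certificate (-subj answers the DN prompts)
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
        -subj "/C=US/O=Example Org/CN=Example Machine CA" &&
    # CA 3/3: ca.crt and ca.key in one file; it holds the CA private key,
    # so it stays on the CA host (only ca.crt goes under Trusted Client CAs)
    openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12 \
        -passout env:P12_PASS &&

    # Client 1/4: client private key
    openssl genrsa -out client.key 2048 &&
    # Client 2/4: signing request from the client key
    openssl req -new -key client.key -out client.csr \
        -subj "/C=US/O=Example Org/CN=client01.example.test" &&
    # Client 3/4: the CA signs the request
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 365 -out client.crt &&
    # Client 4/4: client certificate and key in one file for import
    openssl pkcs12 -export -in client.crt -inkey client.key \
        -certfile ca.crt -out client.p12 -passout env:P12_PASS &&

    # Check that client.crt chains to ca.crt
    openssl verify -CAfile ca.crt client.crt
)

# Output directory: first argument, or a fresh temporary directory.
out="${1:-$(mktemp -d)}"
build_machine_pki "$out" && echo "CA and client files written to $out"
```

Passing the export password through the P12_PASS environment variable keeps it out of the process argument list; repeat the four client steps with a different subject and file name for each client computer.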

Configure Machine Authentication (5 steps)

1. Upload the CA (ca.crt) Certificate under Trusted Client CAs.

2. Create a New Host Checker Policy and add a New Rule Setting of Type Custom:Machine Certificate.

3. Select the Machine Certificate you want to Verify as Part of Host Checking.

4. Create Separate Custom: Machine Certificate Rules for Different Client Computers with Different Certificates Installed on Them.

Configuring Client Certificate on Client Machine

Install the client certificate on the corresponding client machine under Trusted Root Certification Authorities > Personal certificate stores.

1. Go to Start > Run > type mmc and click OK.

2. On the console go to File > Add/Remove Snap-ins. Select Certificates from the list.

3. Click Add and press OK.

4. Select Computer account and click Next.

5. On the next window, select Local Computer then click Finish.

6. Import the client certificate (*.p12) under Certificates (Local Computer) > Personal > Certificates as shown above.

About the author

Prasanna
